Google has fixed a serious bug in a Chrome OS stable channel update released earlier this week that locked Chromebook users out of their machines.
The verification error, present in version 91.1.4472.165, came as a result of a single character typo in a string of code in Chrome OS’s Cryptohome VaultKeyset, which is the portion of the operating system that holds user encryption keys.
The string in question was a conditional statement that included a single ampersand, ‘&’, instead of two ampersands, ‘&&’, which is the AND operator in C++. As a result, the conditional statement was broken and meant that Chrome OS was unable to check user passwords against those stored.
This meant, in practice, that all users who had updated to 91.1.4472.165 were met with error messages, even if they had entered the correct password to access their user account. For some users, their devices were even stuck in a boot loop that meant they couldn’t even reach the login screen.
Google rolled out the buggy update through its stable channel last weekend, which bypassed several of its testing channels including the ‘canary’, ‘dev’, and ‘beta’ channels.
RELATED RESOURCE
DevOps: A view from the enterprise
What's driving DevOps, the impact of value stream management, and more
It was then almost immediately met with widespread complaints on social media platforms such as Reddit. There were several threads and hundreds of posts on the r/chromeos page from users reporting they were unable to access their machines properly, alongside messages warning others not to update to the latest version of Chrome OS.
Google’s engineering team quickly identified the bug and halted the rollout of the Chrome OS update on Tuesday, promising a new version the following day. In the meantime, the team recommended either factory resetting the device or rolling back the Chrome OS device to a previous version via USB. The firm released version 91.1.4472.167 the next day.
This is the second major bug that’s slipped into the stable channel for Chrome OS updates this month. Another bug that slipped into a final release caused extremely high CPU usage spikes, according to Android Police.
-
A journey to cyber resiliencewhitepaper DORA: Ushering in a new era of cyber security
-
A new framework for third-party risk in the European Unionwhitepaper Report: DORA and cyber risk
-
Should your business start a bug bounty program?In-depth Big tech firms including Google, Apple and Microsoft offer bug bounty programs, but can they benefit smaller businesses too?
-
Nintendo hacker forced to pay company 25-30% of earnings for lifeNews Gary Bowser pled guilty to hacking charges in 2021
-
OpenAI to pay up to $20k in rewards through new bug bounty programNews The move follows a period of unrest over data security concerns
-
Kali Linux releases first-ever defensive distro with score of new toolsNews Kali Purple marks the next step for the red-teaming platform on the project's tenth anniversary
-
Yandex data breach reveals source code littered with racist languageNews Yandex source code for a range of key services was leaked to a popular hacker forum last week
-
Windows 11 System Restore bug preventing users from accessing appsNews Microsoft has issued a series of workarounds for the issue which is affecting a range of apps including Office and Terminal
